what is Merkle Tree Proof of Reserves

After FTX was hacked, many prevailing exchanges announced they would provide Merkle Tree Proof of Reserves to encourage transparency[1]. The Merkle tree proof of reserve is an essential cryptographic tool that is thought to boost the public confidence and transparency of user assets. It utilizes a particular data structure, Hash Tree or Merkle tree, to prove that the centralized exchange has adequate assets to serve its customers.<img src="http://cdn.blog-blockchain.xyz/202211182038173.png" alt="1920px-Hash_Tree.svg" style="zoom: 50%;" />

The above picture from the wiki shows that every leaf node is the hash of a data block, and every non-leaf node is the hash of its child nodes. Hence, all the child nodes uniquely establish and determine the root. When applied to proof of reserves, the leaves are labeled as all the balances of accounts controlled by centralized exchanges. We can quickly validate and monitor whether the accumulated balance alters.

To enhance its confidence, exchanges may entrust third-party auditors to pick a snapshot at random and combine the unique hashed id into a Merkle tree, then consolidate all id information into a root. Users can input their hash pieces to reproduce the process partly to verify their balance by checking the root. An example can be seen at https://proof-of-reserves.trustexplorer.io/clients/kraken/ .

Improved Approaches

Real-time Attestation

Though the mentioned method seems perfect, many flaws must be addressed. For instance, an exchange company may borrow plenty of assets to counterfeit that they are solvent and affordable for any withdrawal before the snapshot. Real-time attestation can mitigate and alleviate the problem.

Real-time attestation, also named real-time assurance, is the process whereby an independent accountant collects sufficient audit evidence and performs substantive procedures to issue on-demand audit reporting to intended users while meeting obligations under the then-prevailing audit standards and professional ethics requirements[2]. It is noteworthy that "real-time" does not mean "continuously" but "collect audit evidence in real-time". An example can be seen at https://real-time-attest.trustexplorer.io/nexo .

Relevant tutorials or passages are rare. OpenTimestamps is a blockchain-agnostic protocol that creates timestamp proofs based on a Certificate Authority (CA) issued by the governing body of a blockchain[3]. The OpenTimestamps protocol can reduce to the procedure that aggregates new node hash into Merkle Tree root when the monitored accounts change. This method does not consume much gas or computation since it operates outside the blockchain.

If you are interested in the protocol mentioned above, the website[4] might be a playground for you.

MPC-Threshold Signature Scheme

Multi-party computation is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private[5].

There are three main properties of multi-party computation[6]:

1. Correctness: the parties involved in multi-party computing initiate computation tasks and perform collaborative computation through an agreed secure multi-party computation function. The output produced by and algorithm is correct ( as expected).

2. Privacy: each party must ensure that their secret inputs are independent and that no local data is disclosed during the computation.

3. Decentralization: a decentralized computing model is offered with total equal of each participant, and no privilege for any participant or third party.

MPC-Threshold Signature Scheme divides a key-share to the auditor, who can use it to get anonymous information about total assets controlled by the centralized exchange. However, the auditor can not use it to obtain other sensitive information. Particularly, the entrusted auditor must get another key-share conferred from the exchange to get the privilege of censoring its assets. For instance, only an authorized can aggregate the total assets of all co-managed addresses by both the exchange and the auditor.

Further Reading

• What Is Proof of Reserves and Can It Build Back Trust? - Blockworks
• Secret sharing - From Wikipedia, the free encyclopedia
• Chatzigiannis, P., Chalkias, K. (2021). Proof of Assets in the Diem Blockchain. In: , et al. Applied Cryptography and Network Security Workshops. ACNS 2021. Lecture Notes in Computer Science(), vol 12809. Springer, Cham. https://doi.org/10.1007/978-3-030-81645-2_3
• Decker, C., Guthrie, J., Seidel, J., Wattenhofer, R. (2015). Making Bitcoin Exchanges Transparent. In: Pernul, G., Y A Ryan, P., Weippl, E. (eds) Computer Security -- ESORICS 2015. ESORICS 2015. Lecture Notes in Computer Science(), vol 9327. Springer, Cham. https://doi.org/10.1007/978-3-319-24177-7_28
• Reddy, B. Swaroopa. "A ZK-SNARK based Proof of Assets Protocol for Bitcoin Exchanges." arXiv preprint arXiv:2208.01263 (2022).

reference

• [1] https://www.thenewsminute.com/article/what-merkle-tree-proof-reserves-170062
• [2]https://www.armaninollp.com/-/media/pdf/white-papers/whitepaper-trustexplorer-real-time-audit.pdf
• [3]https://medium.com/business-blockchain-hq/armanino-launches-auditing-software-business-blockchain-hq-e5f935dcc8a4
• [4] https://dgi.io/ots-tutorial/
• [5]https://en.wikipedia.org/wiki/Secure_multi-party_computation
• [6]https://www.jadewallet.io/mpc-based-threshold-signature-scheme.html

欢迎关注个人博客，交流学习：https://www.blog-blockchain.xyz/